Enterprise Linux Security – Page 4 – Learn Linux TV

YOUR HOME FOR LINUX-RELATED FUN AND LEARNING

Connect with Learn Linux TV:

All Content

⇨

see all

Enterprise Linux Security Episode 75 – RepoJacking
We’ve talked about Supply Chain Attacks on this podcast before, and in this episode Jay and Joao discuss another form of this popular attack vector – RepoJacking! RepoJacking occurs when a repository (such as one hosted on Github) changes information, and due to a link between the old repository info and the new – threat actors can take advantage of this. Join Jay and Joao for a discussion on this attack vector.

Relevant Articles

Thanks to TuxCare for sponsoring this episode! Check them out to see how they can help take your Linux Administration game to the next level.
- GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking
Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 75 – RepoJacking
Enterprise Linux Security Episode 74 – Unlucky in Vegas
There’s a multitude of ways you can lose money in Las Vegas, but this time it’s not from gambling. In this episode, Jay and Joao will discuss a recent and still developing story where MGM was the target of what appears to be a ransomware attack.

Thanks to TuxCare for sponsoring this podcast! Check them out and make your life as a SysAdmin much easier!

Relevant Articles
- What Happens in Vegas: MGM Reports ‘Ransomware’ Attack
- Cybersecurity the Biggest Challenge for Smaller Organizations
Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 74 – Unlucky in Vegas
Enterprise Linux Security Episode 73 – TruffleHog and CVSS version 4.0
In this episode, Jay and Joao will discuss a recent discovery by Truffle Security that has found 4,500 websites that have exposed a very critical directory. In addition, the upcoming Common Vulnerability Scoring System (CVSS) update, which will bring to version 4.0 – along with some important changes you’ll need to understand.

Relevant Articles
Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 73 – TruffleHog and CVSS version 4.0
Enterprise Linux Security Episode 72 – Surveillance Facepalm
Imagine needing to ask your government permission in order to perform tasks such as installing a security patch, implementing an Intrusion Detection System, updating firmware or upgrading your operating system? If this sounds too ridiculous to be true, then you’re right – it is ridiculous, but unfortunately it’s a real proposal. In the U.K., Investigatory Powers Act 2016 (IPA) has had an adjustment proposed that could potentially make securing your systems more difficult than it’s ever been. In this episode, Jay and Joao discuss how these potential changes will complicate pretty much everything.

Relevant Articles
Download Links
- MP3 version
- MP3 version (lower bitrate, lower quality)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 72 – Surveillance Facepalm
Enterprise Linux Security Episode 71 – Internet DRM
In this episode, Jay and Joao talk about two recent news developments that may have important implications on the overall industry. First, In response to Microsoft’s recent Azure debacle, a US Senator calls for a probe to look into the matter. Second, our main story is yet another facepalm worthy idea from Google that aims to add “integrity” to our browsers, but it’s oddly lacking in said integrity and almost completely devoid of common sense. Google’s “Web Integrity Protection” seems to protect only their ad dollars while making browsing more tedious for the end-user. Will it pass? What is it exactly? Jay and Joao have all the answers in this episode!

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
Relevant Articles
⇨

Read more: Enterprise Linux Security Episode 71 – Internet DRM
Enterprise Linux Security Episode 66 – Job Security
In this episode, Jay and Joao discuss another form of security, job security! Throughout the series, we’ve advised and educated on enhancing the security of your enterprise network, but in this episode the focus is on YOU. Specifically, how to safeguard yourself from turnover, raise awareness of your importance to your organization, and how to navigate potential “awkward” conversations that System Administrators may find themselves having with their boss. Don’t miss this episode!

Download links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 66 – Job Security
Enterprise Linux Security Episode 65 – Open Source Intelligence Tools (OSINT)
Open Source Intelligence is a very interesting topic – it’s all about the things that might get unknowingly leaked, and this leaked information is perfectly legal to know and possess! The IP address that points to a domain, vacation photos on twitter, or even what you had for lunch can be used against you in order to build a profile. In this episode, Jay and Joao discuss OSINT and some tools that are commonly used to find it.

Download links
- MP3 version
- MP3 version (lower bitrate, lower file size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 65 – Open Source Intelligence Tools (OSINT)
Enterprise Linux Security Episode 63 – Their Cloud
According to several sources, and confirmed by Western Digital themselves, there’s been a breach regarding the company’s cloud related offerings, such as “My Cloud” and various cloud-enabled storage products. Many of the details have yet to be revealed, but considering that Western Digital filed a 10-K form with the SEC, it’s very possible that it could be serious. In this episode, Jay and Joao discuss this story so far, with more specific details sure to come.

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller file size)
- Ogg version
Relevant Articles
- Western Digital confirms digital burglary, calls the cops
- Hackers claim vast access to Western Digita
⇨

Read more: Enterprise Linux Security Episode 63 – Their Cloud
Enterprise Linux Security Episode 61 – The Principle of Least Privilege
With the recent takeover of the “Linus Tech Tips” YouTube channel, what can we learn? In this episode, Jay and Joao will discuss some of the ways you can prevent such an event from happening to you (and it’s not just YouTube that’s a target).

Download Links
- MP3 version
- MP3 version (lower bitrate, smaller size)
- Ogg version
⇨

Read more: Enterprise Linux Security Episode 61 – The Principle of Least Privilege
Enterprise Linux Security Episode 59 – AlmaLinux OS
AlmaLinux OS was created around the time of “that big CentOS” announcement, and has been a worthy solution for enterprises that wish to continue with Enterprise Linux, but without the fear of the distribution being changed into something else entirely. As a drop-in replacement for Red Hat, AlmaLinux OS continues to tackle new ground and builds a strong community. In this video, Jay and Joao are joined by Atalay Kelestemur who works on the project to discuss this distribution – and there may even be some surprises in store.

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- ELevate (migration utility for switching between RHEL derivatives)
- AlmaCare (enterprise support for AlmaLinux OS)
⇨

Read more: Enterprise Linux Security Episode 59 – AlmaLinux OS
Enterprise Linux Security Episode 58 – Tales from the Red Team
Tasks that penetration testers and security analysis perform in order to expose security weaknesses may seem like a mysterious and complicated art. Most of the time, these tasks are considered “secret sauce” and unless you work for a red team, you may not be aware of what it may look like while someone attempts to gain access from the outside. In this episode, Jay and Joao discuss a report released by CISA, that provides a very detailed account at what goes into this type of work. This report is definitely a must-read, and this episode is a must-listen!

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
- Ticket Granting Tickets (one of the strategies used by CISA)https://learnlinux.link/golden-ticket
⇨

Read more: Enterprise Linux Security Episode 58 – Tales from the Red Team
Enterprise Linux Security Episode 53 – Digital Twins
By using clever infrastructure engineering strategies to increase reliability, you can minimize disruption and downtime for your organization. Another technique to consider is the concept of Digital Twin – having a full system clone/mirror you can use to test enhancements, perform a root-cause analysis, or more. In this episode, Jay and Joao discuss Digital Twins and how the concept can potentially help your organization.

Download Links
- MP3 version
- MP3 version (smaller file, lower bitrate)
- Ogg version
Relevant Articles
- Digital Twin (Wikipedia article)
- More malicious packages posted to online repository. This time it’s PyPI
⇨

Read more: Enterprise Linux Security Episode 53 – Digital Twins